Hi
How about recycle (down + up) fallback route when your primary is up? This would invalidate existing too? forcing switch to primary.
/tool netwatch add comment=Provider1 host=8.8.8.8 down-script="/ip route set [find distance=10] disabled=yes" up-script="/ip route set [find distance=10] disabled=no; /ip route set [find distance=11] disabled=yes; :delay 1; /ip route set [find distance=11] disabled=no"
/tool netwatch add comment=Provider2 host=8.8.4.4 down-script="/ip route set [find distance=11] disabled=yes" up-script="/ip route set [find distance=11] disabled=no"
/tool netwatch add comment=Provider1 host=8.8.8.8 down-script="/ip route set [find distance=10] disabled=yes" up-script="/ip route set [find distance=10] disabled=no; /tool netwatch disable [find comment=Provider2]; /ip route set [find distance=11] disabled=yes; :delay 1; /ip route set [find distance=11] disabled=no; /tool netwatch enable [find comment=Provider2]"
/tool netwatch add comment=Provider2 host=8.8.4.4 down-script="/ip route set [find distance=11] disabled=yes" up-script="/ip route set [find distance=11] disabled=no"
# Fixed route definition
/ip route
add distance=2 routing-mark=testwan type=blackhole
add distance=1 dst-address=8.8.4.4/32 gateway=192.2.2.2 routing-mark=testwan (isp2)
add distance=1 dst-address=8.8.8.8/32 gateway=192.1.1.1 routing-mark=testwan (isp1)
# Testwan addresses
/ip firewall address-list
add address=8.8.8.8 list=testwan
add address=8.8.4.4 list=testwan
# Testwan route markings to use defined route table
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=testwan new-routing-mark=testwan \
passthrough=yes
add comment=ISP2_check_host distance=1 dst-address=8.8.4.4/32 gateway=192.XXX.XX.X
add comment=ISP1_check_host distance=1 dst-address=8.8.8.8/32 gateway=192.XXX.X.X
/tool netwatch
add comment=Provider1 down-script="/ip route set [find distance=10] disabled=yes" host=8.8.8.8 interval=15s \
timeout=500ms up-script="/ip route set [find distance=10] disabled=no; /tool netwatch disable [find comment=Prov\
ider2]; /interface ethernet disable <ether isp2>; :delay 1; /interface ethernet enable <ether isp2>; \
/tool netwatch enable [find comment=Provider2]"
/interface ethernet disable ether1;
Hello All,
My problem is quite basic, yet I'm stuck. Attempted to set up WAN1 to WAN2 failover with automatic switch to WAN1 when back online. I understand that links established on WAN2 are not reset, as when WAN1 goes offline all the links collapse and WAN2 establishes new ones, however, when WAN2 is still active and WAN1 comes back online, the links are not reset, so I'm stuck with traffic still going through WAN2 and some WAN1 for the new links. Can anyone help me with my config on how to force WAN2 to reset after WAN1 comes online? I used the following config:
Does anyone have any idea on how to resolve it or approach it another way?
/ip route add dst-address=8.8.8.8 gateway=<ISP1 gateway>
/ip route add dst-address=8.8.4.4 gateway=<ISP2 gateway>
/tool netwatch add comment=Provider1 host=8.8.8.8 down-script="/ip route set [find distance=10] disabled=yes" up-script="/ip route set [find distance=10] disabled=no"
/tool netwatch add comment=Provider2 host=8.8.4.4 down-script="/ip route set [find distance=11] disabled=yes" up-script="/ip route set [find distance=11] disabled=no"
/ip route
add check-gateway=ping distance=1 gateway=<ISP1_Gateway_IP>
add check-gateway=ping distance=2 gateway=<ISP2_Gateway_IP>
Yeah... I did, but it doesn't really work, as I have a VPN client and the tunnel gets hung up on WAN2... read above. I like simple solutions but this is not the case here.
distance=1 dst-address=8.8.4.4/32 gateway=192.2.2.2 routing-mark=testwan (isp2)
distance=1 dst-address=8.8.8.8/32 gateway=192.1.1.1 routing-mark=testwan (isp1)
{
:local label "WAN1";
:local distance 10;
:local pingadr 8.8.8.8/32
:local count [/ip route print count-only where comment=$label]
:if ($bound=1) do={
:if ($count = 0) do={
/ip route add distance=$distance gateway=$"gateway-address" comment=$label
/ip route add distance=1 dst-address=$pingadr gateway=$"gateway-address" routing-mark=testwan
} else={
:if ($count = 1) do={
:local test [/ip route find where comment=$label]
:if ([/ip route get $test gateway] != $"gateway-address") do={
/ip route set $test gateway=$"gateway-address"
/ip route set [find routing-mark=testwan dst-address=$pingadr ] gateway=$"gateway-address"
}
} else={
:error "Multiple routes found"
}
}
} else={
/ip route remove [find comment=$label]
/ip route remove [find routing-mark=testwan dst-address=$pingadr ]
}
}
/ip firewall mangle
add action=mark-routing chain=output dst-address-list=testwan new-routing-mark=testwan \
passthrough=yes
/ip route
add check-gateway=ping distance=2 dst-address=<VPN_Server_IP> gateway=<ISP1_Gateway_IP>
add check-gateway=ping distance=3 dst-address=<VPN_Server_IP> gateway=<ISP2_Gateway_IP>
Hi ADahi,
What I need is WAN1 to WAN2 failover and after WAN1 comes back online for all the traffic to move back to WAN1. We tried the distance approach, however, we also have VPN_Client and when traffic moves to WAN2 as WAN1 is disconnected, it creates new connections which don't reset when WAN1 comes back online and that's the issue we're trying to resolve.
We have multiple LANs... some are on VPN_client tunnel, others are just direct WAN connections... so I need the ability to move traffic along with other LAN traffic from WAN to WAN being WAN1 primary and WAN2 4G
/ip route
add distance=1 gateway=<vpn_gateway> routing-mark=lanvpn_routemark
add distance=1 gateway=<ISP1_Gateway_IP> routing-mark=lanwan_routemark
add distance=1 gateway=<ISP2_Gateway_IP> routing-mark=lanwan_routemark
add check-gateway=ping distance=2 dst-address=<VPN_Server_IP> gateway=<ISP1_Gateway_IP>
add check-gateway=ping distance=3 dst-address=<VPN_Server_IP> gateway=<ISP2_Gateway_IP>